This issue is still there in LTS 8 latest Release. Annoying bug, especially in the corporate environment if the browser is specified.

Why is there a token for check if an request is valid but not validated against double submit. Double-Submits could be avoided by storing formTokens in BE-Session and Unsetting this tokens after Submits.This could prevent double submits by design.